Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed more effectively, you can focus on innovation and driving business growth.
It’s a question more people are asking with each passing day:
Credit unions must be on high alert for cyberattacks. That’s according to a recent warning issued by the National Credit Union Administration (NCUA), which cautioned the industry about potential avenues of attack, including ransomware and supply chain attacks.
With cyberattacks on the rise, security investments are more important than ever. Still, the pandemic has forced many organizations to reconsider how they allocate their IT dollars. Between the new work-from-home paradigm and the increasingly global nature of many modern workplaces, CIOs have had to accelerate investments in cloud solutions and remote technology.
Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million, and these costs are expected to grow by 15% over the next five years.
It happened again: another disruptive ransomware attack. On July 2, 2021, Kaseya, a Florida-based provider of remote monitoring and management software, warned that its software was being abused to deploy ransomware on end customers' systems.
Bitsight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy.
In an effort to demonstrate to its customers how seriously it takes protecting their data, and to lead the market to implement more comprehensive data privacy systems and practices, Bitsight is now the proud recipient of TrustArc’s TRUSTe APEC CBPR Enterprise Certification and the TRUSTe APEC PRP Enterprise Certification.
In order to receive this designation, Bitsight completed a demanding certification process based on a comprehensive set of requirements governing data privacy management practices, including the privacy standards set forth in the APEC Cross Border Privacy Rules (CBPR) and the APEC Privacy Recognition for Processors (PRP) Systems. These practices are further detailed in the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.
The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include set cybersecurity requirements – which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with.
Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks.
Spurred by the pandemic and a need for greater collaboration and business efficiency, cloud adoption is soaring. According to the Flexera 2021 State of the Cloud Report, spending on cloud services this year is predicted to be higher than ever.
To gauge the impact of flawed pseudorandom number generators in network devices, Bitsight scanned the public Internet for RSA public keys and was able to factor the public modulus and recover the private keys for 41,225 network devices. Bitsight has also found that the prevalence of such vulnerable devices on the Internet has been declining in recent years; however, many still pose a risk to organizations that lack security controls to prevent the inadvertent exposure of unmanaged network assets to the public Internet.
In the six months since the SolarWinds supply chain attack there has been increased action in the cybersecurity breach world – and the bad actors aren’t letting up. This means that cybersecurity protection is more critical than ever.
According to a Cybersecurity Ventures report, global cybercrime costs are expected to grow by 15% per year over the next five years — reaching $10.5 trillion USD annually by 2025. In light of this evolving threat environment and recent widespread security events, today’s cybersecurity leaders are under more pressure than ever to prove that their investments in their programs are actually paying off.
After last week’s catastrophic cyber incident targeting Colonial Pipeline, could more U.S. Oil and Energy companies be at risk of a ransomware attack?
In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.
Overall, the EO starts to fill in some critical gaps in U.S. government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but it will also have a significant impact on private sector service providers (e.g., software providers), who will now be required to meet new security requirements in order to do business with the U.S. government.